The mobile twin to hardened desktop OSes.
Reducing the amount of spyware on your phone through better accountability.
(Securing the apps is a whole ’nother layer atop that.)
Side question: How secure are minimal environments like KaiOS?
Tracking market prices for vulnerabilities is one option here for evaluating risk.
iOS is a barometer here. iOS seemed to be somewhat secure, but has thrown that cred out by including automated child sexual abuse image scanning for the police. As with many things, the feature is justified by peds-under-the-bed rhetoric. Antonio García Martínez opines this is a least-harm option in Hunting predators What exactly is the threat model here?
Basic android securing
Which android phones do not leave gaping unpatched security holes?. *tl;dr — Google, LG, then everyone else.
- 🏗 google tracking android devices
The hypothetical grugq phone is a hardened android variant.
Open-ish hardware: Librem
An alternative route is the Purism Librem 5 which essentially manufactures a little linux laptop which happens to be a phone. It runs a hardened Debian variant PureOS which is a full desktop OS. Essentially this means you get all the resources and tools of the Open Source community’s auditing and development, and also all the horror of the Open Source community’s terrible UX track record, wrapped up in one device of unspecified battery life. It looks kind of fun, in a stubborn hobbyist kind of way. I wonder how secure this phone truly is on hostile networks. For sure its configuration is screamingly weird enough that generic attacks are unlikely to work.
Ultra-open auditable hardware
Mobile: blackphone is a whole secure mobile device? Is that project still alive?
It is not clear which apps are safe. For example, Tiktok is not.
The same fingerprinting script and cookie is used on Bytedance’s news site Toutiao. So: If someone shares a video, Bytedance can
- tie the recipients of the video to the sender
- track recipients subsequently on Tiktok and Toutiao even if cookies are deleted.